GRC Analyst Job Description

The document outlines the responsibilities and skills required for a GRC Analyst position at Four Seasons. The responsibilities include conducting risk assessments, developing secure solution guides, evaluating adherence to security controls, identifying weaknesses, and assisting with audits. Required skills are extensive experience in security risk assessment, network security, standards like ISO and PCI, and communicating technical information to non-technical stakeholders. A bachelor's degree in security or IT is required along with certifications like CISSP and CISA.

Uploaded by anujkhera

Responsibilities:

- Conduct information security risk assessments by following the Four Seasons internal risk assessment methodology and template.
- Assist in developing and documenting secure solution deployment and configuration guides as the direct result of the completed risk assessments.
- Evaluate day-to-day adherence to Four Seasons internal information security controls.
- Identify weaknesses in the in-place operational processes, systems and network, and escalate these observations for management prioritization.
- Participate in conference calls with hotels and vendors to gather information and to work on specific tasks as required.
- Promote information security awareness by providing hands-on training and mentoring in the areas of GRC.
- Work with a multi-discipline team to create a solid information technology infrastructure, and collaborate with clients to ensure that the relevant policies and procedures are implemented.
- May also be involved in the execution of internal audits and the creation of internal audit reports.

Skills required:
This is not a beginner-level position and requires a great comfort level and experience with both the technology and governance aspects of the job.

- A GRC Analyst typically has a bachelor's degree in information security or in information technology.
- A strong technical understanding of, and hands-on experience with, computer networks is a must-have.
- Ability to clearly communicate with technical and non-technical stakeholders is a must, in order to translate technical jargon into business-related decisions for management and clients, and business objectives into technical solutions.
- Ability to work independently and with minimal supervision.
- Special emphasis is placed on demonstrated knowledge in the areas of risk assessment, and a strong understanding of secure communications, secure data storage, secure systems development, secure systems deployment and documentation.
- Ability to rely on extensive field experience and judgment to plan and accomplish the set goals.
- Familiarity with a variety of information security, networking, and governance concepts, practices, and procedures.
- Demonstrated understanding of real-world application of (ISO/IEC) 17799:2005(E) standards, COBIT and RISK IT frameworks and PCI-DSS requirements.
- Expert working knowledge of report creation and data analysis via MS-Word, PowerPoint and Excel applications.
- Must be able to quickly absorb a high volume of company-specific knowledge, understanding new technologies and their impact on the company's overall security posture.
- Well-rounded understanding of the information security risks generated by incorrectly deployed and configured applications.
- Patience and an ability to teach is a plus, as much of the information discovered on the job requires imparting knowledge to others in the company work environment.
- Demonstrated ability to operate in a high-stress, multi-tasking environment.
- A wide degree of creativity is expected.

Certifications:
CISSP
CISA
